IN THE CLAIMS: 

1-37. (cancelled) 

38. (currently amended) A method to protect from unauthorized access 
electronic data objects, each electronic data object being related to a particular 
medical patient, comprising the steps of: 

providing a separate application data store containing said patient related 
electronic data objects, each electronic data object having an associated data object 
identifier which is automaticallv generated using information stored in the data obiect 
so that the identifier is dependent on the content of the data object to at least one of 
form structural connections of the data object to groups, teams, or references to 
people, form contextual associations of the data object with subject areas or studies, 
or form affiliation of the data object with clinical studies, diagnostic findings, or with 
diagnostic image types; 

providing a separate user group store for association of a plurality of unique 
medical field user IDs dependent on previously determined information for 
identification and authentication of the medical field users; 

providing a separate data object category store for association of said data 
object identifiers with access right categories so that access rights can thereby be 
determined from the data obiect itself ; 

providing a separate access right store for associating said medical field user 
IDs with said access right categories so that it can be determined for a particular 
medical field user the type of access allowed for the particular medical field user for 
reading, changing, or deleting information contained in the data objects; 

providing an access control module connected to access said access right 
store, said data object category store, and said user group store and which monitors 
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and controls data accesses by said medical field users to said data objects in said 
data application store, said access control module determining a medical field user 
ID from the user group store, and using said medical field user ID, determining an 
access right category via said access right store, and via access to said data object 
category store, said access control module dotorm i nings determining , using said 
data object identifiers, which access right category is associated with the data object 
which the medical field user is attempting to access. 



-3- 



